Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25787)

critical Tenable OT Security Plugin ID 505537

Version 1.3

Jul 7, 2026, 11:10 AM

  • CVSS metrics ("CVSSv2 score" set to 8.3)
  • CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C")
  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C")
  • CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C")
  • Exploit attributes ("Exploit available" set to "False")
  • Exploit attributes ("Exploitability ease" set to "No known exploits are available")

Plugin Feed: 202607071110